Fortune
Fortune
Fortune 178
Fortune
RETIRED MACHINE

Fortune

Fortune - Other Other
Fortune - Insane Insane

4.8

MACHINE RATING

1566

USER OWNS

1425

SYSTEM OWNS

09/03/2019

RELEASED
Created by AuxSarge

Machine Synopsis

Fortune is an insane difficulty OpenBSD box which hosts a web app vulnerable to RCE. Using the RCE the CA key can be read, which is used to create HTTPS client certificates. The client certificate leads to an SSH login, which helps to bypass the firewall. This allows mounting of an NFS share and dropping a suid to be executed as the user. An application is found to be using faulty encryption logic, which allows for escalation of privileges to root.

Machine Matrix

Ready to start your
hacking journey?